Data retention: Industry reiterates warning on costs

"You're going to the shops to get a litre of milk anyway, so it's no big deal to bring me the whole supermarket" — that's how iiNet's chief regulatory officer, Steve Dalby, today described government suggestions a mandatory data retention scheme would not impose significant burdens on telecommunications carriers.

Dalby appeared today before a Senate inquiry examining potential reform of the Telecommunications (Interception and Access) Act 1979. Today's hearing focused heavily on the potential for the government to introduce a scheme that would require carriers to retain for two years metadata associated with customers' use of their services.

Attorney-General George Brandis confirmed earlier this month that the government was eyeing the introduction of a data retention scheme for telcos, but it was not included in the first tranche of national security-related legislation introduced by the government.

Dalby said that a written submission by the Attorney-General's Department to the inquiry which claimed that "service providers routinely engage in telecommunications data retention for their business purposes" was "overstated".

"Carriers only collect appropriate data for their businesses," the iiNet executive said. "There's a world of differences between the data collected in order to bill a customer for their Internet or telephone usage versus the collection of a mass of data generated by a customer during their sessions online.

"The data generated by telecommunications traffic massively outweighs the data required for ISPs and carriers to run their businesses."

The metadata generated by iiNet's telephone traffic could fit on a USB stick. However, the broader data retention scheme mulled by the government and outlined in a confidential briefing document circulated to industry stakeholders would require massive investment in storage and processing capacity.

"We're very confused about what is required so it's very difficult for us to calculate what the costs will be," Dalby said.

"If we're only required to keep routine metadata for telephone calls, well we can probably pack up today and we will not speak again. If, however, the confidential briefing paper that was provided by the Attorney-General's Department is to be interpreted the way we have, then yes there will be massive costs."

The ISP has previously estimated it would cost around $60 million to establish and operate a data retention scheme in the first two years. However, the explosion of metadata and the increase in the number of networked devices means that despite dropping storage prices the cost would be "more in the order of $100 million for that first two year period of data collection".

Dalby dismissed attempts to downplay the amount of information contained in metadata. Describing metadata as "just like the envelope" that holds a letter is a fallacy, the iiNet executive said.

Suggestions that the ISP could easily separate metadata from content and simply store the former were also wrong: "That is petabytes of data a day for our own organisation — you would need super computers to extract that data and frankly we don't want that job," Dalby said.

Representatives of the Australian Mobile Telecommunications Association and the Communications Alliance also appeared at today's hearing and raised concerns about the prospect of a data retention regime.

The groups have previously estimated that establishing such a scheme could cost half a billion dollars. The cost of implementing data retention, proposed changes to online copyright enforcement and a government push to increase the of telecommunications infrastructure "have the potential to dwarf the entire red tape reduction achieved across all portfolios," Communications Alliance CEO John Stanton told the inquiry.

"A number of the proposals [are] an exercise in shifting costs to the industry – costs that will ultimately be borne by consumers," the Comms Alliance CEO said. Cost recovery "should be enshrined in any reforms, partly because that also acts as a natural curb against excessive requests or activity by law enforcement agencies and encourage them to target their activities."

"It's not just the shifting of costs that we're worried about, but also obligations to service providers who at the end of the day are not police and can sometimes struggle to deal with requests if they're required to process issues in which frankly they're not trained," Stanton added.

"Industry has long had a concern about the level of information that is retained by itself for commercial purposes versus information retained for other purposes," AMTA chief executive Chris Althaus said.

"We are keen to be part of the solution, not of the problem but one of the large concerns... is this cost shifting exerciser whereby a large quantum of cost in this law enforcement and national security space is ending up within industry," Althaus said.

The AMTA chief executive told the inquiry mobile data volumes are predicted to increase by a factor of 10 between 2013 and 2019. "Should we have to build a system to retain data for a lengthy period, it's not just as simple as pushing a button or tapping an extra resource," Althaus said.

"In actual fact we'd have to duplicate the data — that duplication would be required because this data comes from a multitude of IT systems within carriers so to be helpful to law enforcement agencies. It would need to be duplicated, aggregated. Then we have to store it — I'm sure there's a vacant suburb somewhere where we could build a data centre!

"We have to manage it and have to be able to interrogate it. There are the privacy and security issues that go with that. All of these things are very, very considerable issues to address."

Dalby, too, warned of the security implications of storing such large volumes of data about customers.

The Senate inquiry, initiated by Greens Senator Scott Ludlam, is due to report on 27 August.

Copyright 2015 IDG Communications. ABN 14 001 592 650. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.